The latest version of Kubernetes does not support Docker as a container runtime anymore. That is why many Kubernetes administrators have migrated their cluster’s container runtime from docker to another container runtime like containerd or cri-o. Or they will do that soon.
References
- https://gist.github.com/mamiu/4944e10305bc1c3af84946b33237b0e9
Old: entering a Container as root with Docker
Most containers that run on Kubernetes clusters do not run as root. But what, if you want to test a container and for that, you want to install and test some software manually before you create a new container image? With Docker that was easy. Just enter the container as root (id=0
) and do with the container, whatever you want to do:
docker exec -it --rm -u 0 <container-id> bash
Now, that the containers are no Docker containers anymore, this is not possible anymore.
New: entering a Container as root with runc
However, you can runc
to enter the container as root. Say, you want to enter a shell as root user in the container running on my-pod
on my-namespace
. First, you need to calculate the container ID. With that information you can enter the container using runc
like follows:
# INPUT POD=my-pod NAMESPACE=my-namespace # CALCULATE CONTAINER=$(kubectl -n $NAMESPACE get pod $POD -o jsonpath="{.status.containerStatuses[].containerID}" | sed 's/.*\/\///') # RUN SHELL AS ROOT sudo runc --root /run/containerd/runc/k8s.io/ exec -t -u 0 $CONTAINER sh
That’s it! You even do not need to install runc
, since runc
is part of the installation package if you have installed containerd (and I guess, also with cri-o…).
P.S.: if you still need to migrate your Kubernetes cluster from Docker container runtime to containerd runtime, you might be interested in this blog post: